The CNIL has given formal notice to some twenty organizations for breaches of legislation on cookies. – Michel spingler
The rules regarding cookies have changed, but some web players still have not complied with them. After starting checks at the beginning of April, the Cnil thus noted “that a certain number of organizations still did not allow Internet users to refuse cookies as easily as to accept them”, explains the regulator in a press release.
The French gendarme of personal data has decided not to leave these breaches relating to the legislation on cookies. The CNIL announced Tuesday the formal notice of “twenty organizations”, composed “mainly of important companies in the digital economy” including “international players”.
Sanctions up to 2% of turnover
The companies and public actors concerned have one month to comply and incur penalties of up to 2% of turnover, indicates the CNIL. As the formal notices are not public, the names of these organizations have not been disclosed.
“This is the first campaign of verifications and corrective measures since the expiry (on April 1) of the deadline given to players to bring their sites and mobile applications into compliance with the new rules on cookies. Similar actions will be carried out over the next few months, ”recalls the Cnil.
A button “Refuse all”
In October 2020, the National Commission for Data Protection and Civil Liberties published its “recommendation” on targeted advertising, the result of a long consultation process to apply the principles of the European General Data Protection Regulation (GDPR), which entered into force in 2018. This provides in particular for explicit consent to the collection of personal data.
In concrete terms, the regulator wants the “Refuse all” button on the consent collection banners to be as easy to access as “Accept all”. The CNIL had left the publishers of sites and mobile applications six months to adapt. In the meantime, however, it had sanctioned Google and Amazon with record fines of 100 and 35 million euros due to non-compliant information banners, on the basis of legislation prior to the GDPR.